
Example Analysis of the Combination of the Acegi Security System and JSF

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

Today, I will talk to you about the example analysis of the combination of the Acegi security system and JSF, which many people may not understand well. To help you understand it better, the editor has summarized the following content. I hope you get something out of this article.

In Java Web development, JavaBean security involves two distinct concepts: authentication and authorization. Authentication confirms that the user really is who they claim to be. Authorization confirms that the user is allowed to perform a specific operation. JSF (JavaServer Faces) is part of the J2EE 5 development platform. As a presentation-layer technology, it is increasingly favored by Java developers. During development, JSP, like similar technologies, integrates easily with Spring through dependency injection (DI). Combining JSF with the Acegi security system greatly improves the security of JavaBeans.

A very important feature of the Acegi security system is that it does not have the concept of roles and user groups. The Acegi security system currently supports two types of security management objects. The first category is designed so that beans managed by Spring can be used as a MethodInvocation; such beans can be managed through ProxyFactoryBean and BeanNameAutoProxyCreator, just like transaction management in Spring. The second category is FilterInvocation. It is created by a filter (Filter) and simply wraps HTTP's ServletRequest, ServletResponse and FilterChain. FilterInvocation can be used to protect HTTP resources. In general, developers do not need to understand how it works, because they only need to add the Filter to web.xml for the Acegi security system to work.

This article uses a simple Web application built on the Apache MyFaces JSF implementation to show how to use the Spring application context to integrate Acegi's authentication and authorization functions into a JSF application. Readers can see how Acegi implements role authorization at the URL level and how Acegi security is applied to the business layer.

The sample application is a page where the user logs in to make a purchase. The user enters the correct user name and password in the login window, is redirected to a web page, and may make a purchase on the new page. We will use the security configuration of the Acegi security framework to ensure that the user's identity has been verified and that the user is authorized for the purchase page. The user can access the purchase page only if they hold role_urlaccess. This ensures that the purchase made by the user is a safe business operation. Three frameworks, Acegi, JSF and Spring, are involved in the JSF and Acegi authorization check.

Step 1: The user visits the JSF web page.

Step 2: Acegi checks whether the visiting user is authorized to access the page.

Step 3: If the authorization check succeeds, control is handed over to the Faces servlet that serves JSF.

Step 4: During its preparation, JSF looks up the Catalog bean.

Step 5: JSF examines the Faces configuration file to find the Catalog definition and instantiates it. The publicData and privateData properties of the Catalog bean are written to publicCatalog and privateCatalog beans that are not yet instantiated.

Step 6: JSF resolves the publicCatalog and privateCatalog beans using Spring's DelegatingVariableResolver variable resolver.

Step 7: JSF uses the getter methods that Acegi generates for the publicCatalog and privateCatalog beans to read the public and private data.

Step 8: Acegi again runs its authentication process for access to the beans.

Step 9: Once Acegi establishes that the user may access the beans, the generated getter methods read the public and private data and pass the data to JSF.

Step 10: JSF calls the setter methods of the Catalog bean to write the public and private data to the Catalog bean.

Step 11: JSF completes its life cycle and serves the JSF page.

This completes a user's purchase operation, from logging in to entering the system. Throughout the process, Acegi and JSF work together to authenticate and authorize the user. Compared with user access authorization in JSP, the JSF life cycle is much more complex. The JSP life cycle is very simple: when the page is executed, the HTML markup is generated immediately and the life cycle ends. A complete JSF-Acegi request-processing life cycle is carefully planned into 11 phases, but the JSF framework manages all of this, so programmers gain more control without extra work, and the security of the system is greatly improved.
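The two interception points in the flow above, the URL check (FilterInvocation) and the bean getter check (MethodInvocation), shown as a Spring context fragment for Acegi Security 1.0.x. This is an added example, not configuration from the original article. The `/protected/**` path, the `example.*` interface names, `ROLE_PUBLIC` and `ROLE_PRIVATE` are assumptions, the page's role_urlaccess is written in upper case to match RoleVoter's default prefix, and the `authenticationManager` bean and the servlet filter chain are assumed to be defined elsewhere.

```xml
<!-- applicationContext.xml fragment for Acegi Security 1.0.x (added example) -->
<beans>
  <!-- RoleVoter only votes on attributes starting with its prefix, "ROLE_" by default -->
  <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions" value="false"/>
    <property name="decisionVoters">
      <list><bean class="org.acegisecurity.vote.RoleVoter"/></list>
    </property>
  </bean>

  <!-- FilterInvocation: URL-level check before the Faces servlet runs (Steps 2-3) -->
  <bean id="filterInvocationInterceptor"
        class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="objectDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /protected/**=ROLE_URLACCESS
      </value>
    </property>
  </bean>

  <!-- MethodInvocation: bean-level check on the getters JSF calls (Steps 7-9) -->
  <bean id="methodSecurityInterceptor"
        class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="objectDefinitionSource">
      <value>
        example.PublicCatalog.getData=ROLE_PUBLIC
        example.PrivateCatalog.getData=ROLE_PRIVATE
      </value>
    </property>
  </bean>

  <!-- Wraps the two catalog beans in proxies that run the interceptor above -->
  <bean class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
    <property name="beanNames">
      <list><value>publicCatalog</value><value>privateCatalog</value></list>
    </property>
    <property name="interceptorNames">
      <list><value>methodSecurityInterceptor</value></list>
    </property>
  </bean>
</beans>
```

Because the URL rule and the method rules are evaluated separately, a user who passes the page-level check can still be denied at the getter call if they lack the role required for that bean.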
